
Thread: WPS Vulnerability


  1. #1
    Senior Member
    Join Date
    Jan 2010
    Posts
    140

    Default WPS Vulnerability

    Although this isn't directly BackTrack related, I thought this would probably be interesting to a lot of people on this forum. There has been a tool called 'Reaver' released that takes advantage of a vulnerability in WPS. This can lead to much easier WPA cracking.

    http://threatpost.com/en_us/blogs/at...ability-122911

    https://code.google.com/p/reaver-wps/

  2. #2
    Senior Member
    Join Date
    May 2010
    Posts
    198

    Default Re: WPS Vulnerability

    I have been working on this for a couple of days now. I got reaver functioning but am unable to get it to associate with the AP even though I can successfully associate with aireplay-ng.

    I don't think this attack will be that dangerous but time will tell. I disabled WPS immediately after setting up my AP a long time ago. Something does seem dumb about this. How do you make your network safer by putting up another door for hackers to knock on?

    Quote Originally Posted by Dudeman02379 View Post
    Although this isn't directly BackTrack related, I thought this would probably be interesting to a lot of people on this forum. There has been a tool called 'Reaver' released that takes advantage of a vulnerability in WPS. This can lead to much easier WPA cracking.

    http://threatpost.com/en_us/blogs/at...ability-122911

    https://code.google.com/p/reaver-wps/
    "Never do anything against conscience -- even if the state demands it."
    -- Albert Einstein

  3. #3
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    Default Re: WPS Vulnerability

    How many attempts per second are you getting? I'm only getting one attempt every two seconds on my 2 GHz Core 2 Duo.
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

  4. #4
    Junior Member DeadlyFoez's Avatar
    Join Date
    Jul 2009
    Posts
    42

    Default Re: WPS Vulnerability

    There was an update to fix the unable to associate bug. Download the latest svn and compile. It is working for me after updating.

    I am getting 1 attempt every 17-25 seconds. I think a lot of it depends on the router you are trying to crack. Apparently my router is limiting how fast someone/something can do an attempt.
    Last edited by DeadlyFoez; 12-30-2011 at 01:20 AM.
    If at first you don't succeed, keep sucking until you do suck seed. --Curly

  5. #5
    Senior Member
    Join Date
    May 2010
    Posts
    198

    Default Re: WPS Vulnerability

    That was helpful, thanks. I have heard it goes as high as 4 tries per second; the bottleneck is the CPU of the AP, and the speed depends on whether it has a lockout function.

    I believe this vulnerability also has DoS potential.

    Quote Originally Posted by DeadlyFoez View Post
    There was an update to fix the unable to associate bug. Download the latest svn and compile. It is working for me after updating.

    I am getting 1 attempt every 17-25 seconds. I think a lot of it depends on the router you are trying to crack. Apparently my router is limiting how fast someone/something can do an attempt.
    Last edited by Scamentology; 12-30-2011 at 01:37 AM.

  6. #6
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    Default Re: WPS Vulnerability

    Well, after about 5 hours it got my test access point key, which is my actual home network key, just on a test access point.... The funny/not-funny part is WPS isn't even enabled on the router, at least not according to the GUI. Stupid Linksys... Oh well, it's been replaced anyway, by a better router with DD-WRT, now it's just a test router, extra when family come by.

  7. #7
    Senior Member
    Join Date
    Jan 2010
    Posts
    140

    Default Re: WPS Vulnerability

    Wow, now that is interesting. I will have to do some testing on my own gear to see if I have any similar results.

  8. #8
    Very good friend of the forum TAPE's Avatar
    Join Date
    Jan 2010
    Location
    Europe
    Posts
    599

    Default Re: WPS Vulnerability

    Scary to hear it got an AP that didn't have WPS activated!
    I just did a quick test run on my home router and it appears to block / not respond after a while.

    Will have to do a longer scale test after NY on both test and home router..

    Would be interesting to see what results are obtained on what types of routers...
    I will post my results when completed after 02-01

  9. #9
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    Default Re: WPS Vulnerability

    Hey guys, try this. Set your target AP to do MAC authentication, then spoof the correct MAC. Now see if reaver ever associates. Mine doesn't.

  10. #10
    Just burned his ISO
    Join Date
    Jan 2012
    Posts
    1

    Default Re: WPS Vulnerability

    I know little about Linux but even I was able to crack a test AP using reaver (go me). The AP used WPA2, it took about 6 hours to crack in total. Not bad at all. I had a couple questions:

    1) The AP lists 3 options under the WPS section: 1) push button, 2) PIN, and a third option. See this pic. Since it was set to "push button" and not the PIN option, why would the crack by PIN still work?

    2) The PIN was set to 1234570. I'm surprised reaver didn't try something like this first! My question is: is there a way to enter the WPS PIN manually? I want to try other APs I have to see if they're set to 12345670, how would I do this?

    thanks
